Using MIL-STD-882 as a WHS Compliance Tool forAcquisition

Or what is This Due Diligence thing anyway?

Matthew Squair

Jacobs Australia

28-29 May 2015

1 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Acknowledgement

I’d like to acknowledge the assistance of Kate Thomson and John Davies in casting theirlegal eyes over this presentation.

Disclaimer

The comments and opinions of this presentation are mine and do not represent theopinion of Jacobs Australia or the Australian Defence Organisation.

Where to find this

You can find this presentation and the associated paper at www.criticaluncertanties.com

License

Except for images whose sources are specifically identified, this copyright work islicensed under a Creative Commons Attribution-Noncommercial, No-derivatives 4.0International licence.

To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/

2 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

”It ain’t what you don’t know that gets youinto trouble. It’s what you know for surethat just ain’t so.”

Mark Twain

”It is better to be vaguely right than exactlywrong”

Carveth Read

3 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

A bit about me...

Who I work for

Pertinent experience

Interests

4 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

What is the Australian Defence Organisation about?

5 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

What is the Australian Defence Organisation about?

Capability...

Operationally it’s the use of capability by the operational arms

Sustainment, it’s about supporting

Acquisition, it’s about obtaining the materiel for new or replacementcapabilities

Acquisition and sustainment of materiel are traditionally handled bythe Defence Materiel Organisation (DMO)

6 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

The law and the engineer

”If you want to know about nature’s lawsask a scientist”

”If you want to know about man’s laws aska lawyer”

”But if you want to know about the inter-section of man and nature’s laws ask an en-gineer”

7 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

The WHS model act 2011 in a nutshell

The legislation is very pragmatic:

Rejects risk acceptance...because risk is so problematic

Negligence driven, e.g reasonable (1863) & practicable (1947)

Due diligence is admitted as a defence (stockbrokers defence)

Borrows hierarchy of controls from existing safety standards

Deliberately establishes non-transferable responsibilities

Establishes supply chain responsibilities

Eye watering criminal penalties for duty holders...

8 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

What is this due diligence of which you speak?

Due diligence INCLUDES:

1 Acquire and keep up-to-date knowledge

2 Understand operations and their hazards and risks

3 Appropriate resources and processes to eliminate/minimise risks

4 Processes for receiving and responding to safety information

5 Processes for complying with any duty or obligation, and

6 Verifying the provision and use of the resources and processesreferred to in paragraphs (3) to (5)

9 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

The WHS act and the supply chain

WHS act imposes specific responsibilities upon designers,manufacturers, importer’s and suppliers

However the end customer still retains overall responsibility

Customer can rely upon advice (evidence) from suppliers

But what is the standard of persuasion? How much evidence isrequired and of what probative value? What may we presume?

Advice from legal counsel - When the courts can apply severepenalties, look for strict compliance

10 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Project background

Project was a major capability upgrade to an in service aircraft by theOEM

Project was required to demonstrate compliance to the WHS Act(2011) to obtain Special Flight Permit. But demonstration ofcompliance was not required of the supplier explicitly

Compliance finding is part of the technical airworthiness framework

Degree of compliance finding (& evidence) needed is driven byprogram complexity, size and supplier maturity

Supports design acceptance and type certification

Compliance finding process is oriented towards design standards, notlegislation... So what to do?

11 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Compliance finding and the WHS

Compliance finding process oriented towards design standards

These tend to generate an evidential tail of design artefacts (evidence)

Not so for legislation...

Solution, use the contracted system safety standard (MIL-STD-882C)

Tracing the WHS Act to the standard allows us to translatesubjective high level objectives to specific tasks and accomplishments

MIL-STD-882 is task/ data deliverables oriented, gives us evidence

Deliverables already in scope of contract, original build was done toMIL-STD-882C (with tailoring)

12 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

MIL-STD-882C System safety standard tasks

13 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

A bit more on evidence

Evidence and it’s quality is a key aspect of compliance finding:

Relevance*

Clarity

Unambiguity

Parsimony

Authenticity

The first part of the compliance finding task was therefore toestablish the relevance of each deliverable to WHS Act compliance

14 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

How well does the standard satisfy the WHS Act?

Competence and compliance - Yes

Reasonable forseeability of hazards - Yes

Hierarchy of controls - Yes

Use of design standards in lieu of risk analysis - Yes

Reasonable practicability - No (Customer must decide)

MIL-STD-882 myth: The standard is risk centric

MIL-STD-882C is not risk acceptance centric, instead it requires theupfront elimination/reduction of hazards much like the WHS Act

15 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Practical implementation

Having confirmed adequate coverage the compliance finding teammoved into assessing the evidence provided by the OEM

For more complex deliverables the finding included an analysis of thedeliverables quality and a summary of the conclusions was included inthe compliance finding

An Independent Safety Assessors report provided additional backingevidence for the compliance finding

The exercise highlighted the necessity for compliance findings to beperformed by competent persons. In the case of specialist safetyanalyses (e.g. fault trees) this competence may not exist within theusual project office

16 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Software hazards and reasonable practicability

The aircrafts software was also modified, these modifications wereassigned specific integrity levels on the basis of functional risk

Problem, risk acceptance based standards, such as DEF STAN00-55/56 or IEC 61508, violate reasonably practicable

In fact they can establish a case for recklessness

How do we establish that what was done was all that was reasonablypracticable?

17 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Software hazards and reasonable practicability (Cont’d)

We ignored the SIL assignment and looked outside the project for an’industry standard’, we selected DO-178

We cross compared assigned integrity levels to FAA guidance(AC23.1309E) on DO-178 DALs for commercial aircraft classes

Non-trivial task to correlate SIL targets against DALs by function andfailure mode

Resultant comparison was used to establish whether what had beendone reflected an industry standard for assurance efforts

18 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Results

19 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Results

The project was able to demonstrate to the Design AcceptanceRepresentative that the project was compliant to the WHS Act

This did require a separate consideration of whether all ‘reasonablypracticable’ measured had been implemented by the customer

20 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Conclusions

Risk acceptance based standards and the WHS Act don’t mix

Yes you can use MIL-STD-882C as a tool to demonstrate compliance,with some caveats

... much better if you do it upfront in the project

Risk driven software standards are extremely problematic under theact, SIL or DAL assignment ‘magic’ does not satisfy what’sreasonably practicable

In order to satisfy the duty holders due diligence obligations we seemto have gone full circle back to task/deliverable contracting

The full effects of the WHS Act on the regulatory landscape have notyet evinced themselves...so watch this space

21 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?

Future work

Express the WHS Act/MIL-STD-882CC compliance argumentutilising a formal notation such as Goal Structured Notation (GSN)

Identify how the tasks and deliverables of MIL-STD-882C can bebetter used to minimise project office compliance finding burden

Develop ‘advise to contractors’ guidance and model text for theASDEFCON contract templates.

22 ASSC 2015: Brisbane 28-29 May 2015 Or what is This Due Diligence thing anyway?